This should bother my Computer Security students.
Since when is a 10% failure rate considered good?
Meghan Bogardus Cortez reports:
University end users are pretty good at identifying a scam.
Only 10 percent of simulated phishing emails sent to users at education institutions were successful, a new study from Wombat Security Technologies reports. The company monitored tens of millions of simulated phishing attacks sent over the course of a year through its Security Education Platform across more than 15 industries.
The State of the Phish 2018 report found that users in education were less likely to click on a phishing attempt than those in technology, entertainment, hospitality, government, consumer goods, retail and telecommunications.
Read more on EdTech Magazine.
We’ve been considering how to prevent Russia from hacking these devices instead of merely chatting on social media.
The Risks of Digital Democracy
Like many segments of the economy and society, democracy is in the process of being digitized, a development that promises new levels of efficiency but also brings new risks.
Consider the digitization of voting machines, devices that date back to the 19th century. The growing use of direct recording electronic (DRE) voting machines has made possible fully digitized voting and the availability of near real-time results.
But, the events of this summer’s 25th annual DEF CON computer security conference illustrate the risks that come with these benefits. As part of the conference, software engineers were invited to a Voting Machine Hacking Village to try to break in to commercially available DRE voting machines. The hackers cracked the “secured” systems in less than two hours.
Something the CSO can use to start a discussion with Senior Management? This has come up in several recent breaches.
SEC Tells Execs Not to Trade While Investigating Security Incidents
The U.S. Securities and Exchange Commission (SEC) on Wednesday announced updated guidance on how public companies should handle the investigation and disclosure of data breaches and other cybersecurity incidents.
The SEC has advised companies to inform investors in a timely fashion of all cybersecurity incidents and risks – even if the firm has not actually been targeted in a malicious attack. The agency also believes companies should develop controls and procedures for assessing the impact of incidents and risks.
While directors, officers and the people in charge of developing these controls and procedures should be made aware of security risks and incidents, the SEC believes these individuals should refrain from trading securities while in possession of non-public information regarding a significant cybersecurity incident.
[The SEC Guidance: https://www.sec.gov/rules/interp/2018/33-10459.pdf]
Similar to the conclusions my students have reached.
Global Cybercrime Costs $600 Billion Annually: Study
A report by the security firm McAfee with the Center for Strategic and International Studies found theft of intellectual property represents about one-fourth of the cost of cybercrime in 2017, and that other attacks such as those involving ransomware are growing at a fast pace.
Russia, North Korea and Iran are the main sources of hackers targeting financial institutions, while China is the most active in cyber espionage, the report found.
Criminals are using cutting-edge technologies including artificial intelligence and encryption for attacks in cyberspace, with anonymity preserved by using bitcoin or other cryptocurrency, the researchers said.
A simple password testing tool.
I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords. This was a list of 320 million passwords from a range of different data breaches which organisations could use to better protect their own systems. How? NIST explains:
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised.
They then go on to recommend that passwords "obtained from previous breach corpuses" should be disallowed and that the service should "advise the subscriber that they need to select a different secret".
[The comparison tool: https://haveibeenpwned.com/Passwords]
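The verifier-side check that the NIST text describes, as an added example (not code from the quoted post or from HIBP). It assumes the breach corpus is stored as uppercase SHA-1 hex digests, one per line with an optional `:count` suffix; the sample corpus and all function names are constructed for illustration.

```python
import hashlib
from bisect import bisect_left


def sha1_hex(secret: str) -> str:
    """Uppercase SHA-1 hex digest of a candidate secret (assumed corpus format)."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


# Constructed sample standing in for a downloaded breach corpus ("HASH:COUNT" lines).
SAMPLE_CORPUS = "\n".join(
    f"{sha1_hex(p)}:{n}" for p, n in [("password", 3), ("123456", 9), ("qwerty", 2)]
) + "\nnot-a-hash-line\n"


def load_blocklist(text: str) -> list[str]:
    """Parse 'HASH[:COUNT]' lines into a sorted, de-duplicated digest list."""
    digests = set()
    for line in text.splitlines():
        digest = line.split(":", 1)[0].strip().upper()
        # Skip malformed lines rather than letting them poison the lookup.
        if len(digest) == 40 and all(c in "0123456789ABCDEF" for c in digest):
            digests.add(digest)
    return sorted(digests)


def is_compromised(candidate: str, blocklist: list[str]) -> bool:
    """Binary-search the sorted digest list; the plaintext is never stored."""
    digest = sha1_hex(candidate)
    i = bisect_left(blocklist, digest)
    return i < len(blocklist) and blocklist[i] == digest


def check_new_secret(candidate: str, blocklist: list[str]) -> tuple[bool, str]:
    """Run at password set/change time: reject known-breached values and
    tell the subscriber to choose another, as the NIST text requires."""
    if is_compromised(candidate, blocklist):
        return False, "This password appears in a known breach; select a different secret."
    return True, "ok"


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_CORPUS)
    for pw in ("password", "a-long-unlisted-passphrase-7319"):
        print(pw, check_new_secret(pw, bl))
```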
For my researching students.
Paper – Text mining 101
EU OpenMinted Project Paper – What is text mining, how does it work and why is it useful? “This article will help you understand the basics in just a few minutes. Text mining seeks to extract useful and important information from heterogeneous document formats, such as web pages, emails, social media posts, journal articles, etc. This is often done through identifying patterns within texts, such as trends in words usage, syntactic structure, etc. People often talk about ‘text and data mining (TDM)’ at the same time, but strictly speaking text mining is a specific form of data mining that deals with text…”
Is the sky really falling?
Top Experts Warn Against 'Malicious Use' of AI
Artificial intelligence could be deployed by dictators, criminals and terrorists to manipulate elections and use drones in terrorist attacks, more than two dozen experts said Wednesday as they sounded the alarm over misuse of the technology.
In a 100-page analysis, they outlined a rapid growth in cybercrime and the use of "bots" to interfere with news gathering and penetrate social media among a host of plausible scenarios in the next five to 10 years.
"Our report focuses on ways in which people could do deliberate harm with AI," said Seán Ó hÉigeartaigh, Executive Director of the Cambridge Centre for the Study of Existential Risk.
… Contributors to the new report – entitled "The Malicious Use of AI: Forecasting, Prevention, and Mitigation" – also include experts from the Electronic Frontier Foundation, the Center for a New American Security, and OpenAI, a leading non-profit research company.
I’d say yes, but the cost might be prohibitive.
Can “Fake News” be stopped?
On Wednesday, YouTube was forced to apologize for a video that sat at the top of its “Trending” tab, which shows users the most popular videos on the site. By the time it was removed from the site, it had more than 200,000 views. The problem? The video promoted the conspiracy theory peddled by alt-right propagandists that Parkland, Florida high school student and shooting survivor David Hogg is an actor, “bought and paid by CNN and George Soros.” The conspiracy theory also found its way into a trending position on Facebook, where clicking Hogg’s name “brought up several videos and articles promoting the conspiracy that he’s a paid actor,” according to Business Insider.
The incident highlights the speed at which the spread of false information occurs on algorithmically optimized social media sites that are easy to game. What to do about it is the subject of a new report from the New York think tank Data & Society, “Dead Reckoning: Navigating Content Moderation After ‘Fake News’,” which coincidentally debuted yesterday, just as the Hogg conspiracy theory spread across the internet. Based on a “year of field-based research using stakeholder mapping, discourse and policy analysis, as well as ethnographic and qualitative research of industry groups working to solve ‘fake news’ issues,” the report sets out to define the problem set before offering four strategies for addressing it.
A wake-up slap to California?
Judge says state can't force IMDB to take down actors' ages
A federal judge has blocked a California law that would have forced IMDB to take down actors' ages on request.
The law was signed by Governor Jerry Brown, a Democrat, in September 2016. It was supported by the Screen Actors Guild, which said the law would help prevent age discrimination in film and television hiring.
IMDB quickly challenged the law in court, saying that it "attempts to combat age discrimination in casting through content-based censorship."
… In his order, Chhabria called the law "clearly unconstitutional." He said it "singles out specific, non-commercial content — age-related information — for differential treatment."
The judge also said that even if the defendants, the state of California and the Screen Actors Guild, demonstrated a causal link between the availability of ages on IMDB and age discrimination, it would not be enough to justify a "content based restriction on IMDB's speech."
Chhabria added that "regulation of speech must be a last resort."
Perspective. Perhaps all politicians are delusional.
Bernie blames Hillary for allowing Russian interference
Bernie Sanders on Wednesday blamed Hillary Clinton for not doing more to stop the Russian attack on the last presidential election. Then his 2016 campaign manager, in an interview with POLITICO, said he’s seen no evidence to support special counsel Robert Mueller's assertion in an indictment last week that the Russian operation had backed Sanders' campaign.
The remarks showed Sanders, running for a third term and currently considered a front-runner for the Democratic presidential nomination in 2020, deeply defensive in response to questions posed to him about what was laid out in the indictment. He attempted to thread a response that blasts Donald Trump for refusing to acknowledge that Russians helped his campaign — but then holds himself harmless for a nearly identical denial.
Again I suggest that Amazon buy the USPS.
Postal-Service Workers Are Shouldering the Burden for Amazon
Some classes for my students.
It is always thus for new technologies!